[imp] Windows XP caches login credentials.

Michael M Slusarz slusarz@bigworm.colorado.edu
Sun, 21 Jul 2002 22:36:52 -0600


Quoting Barry Pederson <barryp@medicine.nodak.edu>:

| Jon Parise wrote:
| > On Sun, Jul 21, 2002 at 08:05:27PM -0500, Eric Rostetter wrote:
| > 
| > Yes, that's my point.  This only makes sense as a per-user option, and
| > they already have that option in their browser, so there's no reason
| > for us to implement it on our end.
| 
| But what if the user is using a browser that's not "their" browser? 
| It's in a library, or a computer lab, or internet cafe - maybe they 
| don't have access to the browser preferences.

My quick comment: If I tell my browser I want my password saved, then some 
programmer from the Horde project should not have the power to override my 
personal settings.  This is most definitely _not_ expected behavior.

| Sure, the person running the lab or whatever should set the browser to 
| not remember that stuff, but can you absolutely always count on that?

If security were our only concern (granted it *is* a very important concern) 
then we would not allow any connections to the Horde framework without a 
secure connection.  This is twice the security concern that a saved 
password for a single application is, yet we still allow it.  There is only 
so much an application should be expected to do - you can't (and shouldn't) 
expect a piece of software to ensure that anything a user does will be 
secure.

On a separate note, it would be extremely simple to provide patches that 
would allow individual admins to change this behavior.  This is a much 
better solution than either a per-user or per-site configuration.

michael

______________________________________________
Michael Slusarz [slusarz@bigworm.colorado.edu]
The University of Colorado at Boulder